Module rpki::sigobj::spec
Signed Objects Specification.
This is a documentation-only module. It summarizes the specification for signed objects, how they are to be parsed and constructed.
Signed objects are CMS signed objects that have been severely limited in the options of the various fields. They are specified in RFC 6488 while CMS is specified in RFC 5652.
A signed object is a CMS object with a single signed data object in it.
A CMS object is:

    ContentInfo ::= SEQUENCE {
        contentType ContentType,
        content [0] EXPLICIT ANY DEFINED BY contentType }

The contentType must be oid::SIGNED_DATA and the content a SignedData object (however, note the [0] EXPLICIT there) as follows:

    SignedData ::= SEQUENCE {
        version CMSVersion,
        digestAlgorithms DigestAlgorithmIdentifiers,
        encapContentInfo EncapsulatedContentInfo,
        certificates [0] IMPLICIT CertificateSet OPTIONAL,
        crls [1] IMPLICIT RevocationInfoChoices OPTIONAL,
        signerInfos SignerInfos }

    EncapsulatedContentInfo ::= SEQUENCE {
        eContentType ContentType,
        eContent [0] EXPLICIT OCTET STRING OPTIONAL }

    CertificateSet ::= SET OF CertificateChoices

    CertificateChoices ::= CHOICE {
        certificate Certificate,
        extendedCertificate [0] IMPLICIT ExtendedCertificate, -- Obsolete
        v1AttrCert [1] IMPLICIT AttributeCertificateV1, -- Obsolete
        v2AttrCert [2] IMPLICIT AttributeCertificateV2,
        other [3] IMPLICIT OtherCertificateFormat }

Limitations imposed by RFC 6488 are as follows:
- The version must be 3.
- The digestAlgorithms set must be exactly one algorithm chosen from those defined in RFC 7935. The DigestAlgorithm type implements both the DigestAlgorithmIdentifier and DigestAlgorithmIdentifiers definitions (the latter via take_set_from and encode_set).
- The eContentType field of encapContentInfo defines the type of an object. Check the specific signed objects for their matching object ID.
- The eContent field of encapContentInfo must be present and contains the actual content of the signed object.
- There must be exactly one certificate in the certificates set. It must be of the certificate choice (that’s not exactly in RFC 6488, but it is the only logical choice for ‘the RPKI end-entity (EE) certificate needed to validate this signed object’), which in practice means it is just one Cert.
- The crls field must be omitted.
The SignerInfos structure:

    SignerInfos ::= SET OF SignerInfo

    SignerInfo ::= SEQUENCE {
        version CMSVersion,
        sid SignerIdentifier,
        digestAlgorithm DigestAlgorithmIdentifier,
        signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL,
        signatureAlgorithm SignatureAlgorithmIdentifier,
        signature SignatureValue,
        unsignedAttrs [1] IMPLICIT UnsignedAttributes OPTIONAL }

    SignerIdentifier ::= CHOICE {
        issuerAndSerialNumber IssuerAndSerialNumber,
        subjectKeyIdentifier [0] EXPLICIT SubjectKeyIdentifier }

    SubjectKeyIdentifier ::= OCTET STRING

    SignatureValue ::= OCTET STRING

Limitations are as follows:
- There must be exactly one SignerInfo present.
- The version must be 3.
- The sid must be identical to the value of the Subject Key Identifier extension of the included certificate. I.e., it must be the second choice.
- The digestAlgorithm must be the same as the only value in the outer digestAlgorithms field.
- The signedAttrs field must be present. See below.
- For the content of the signature field, see below.
- The unsignedAttrs field must be omitted.
Finally, SignedAttributes is a sequence of attributes keyed by an OID. RPKI has two mandatory and two optional attributes. The definitions for all of these are as follows:

    SignedAttributes ::= SET SIZE (1..MAX) OF Attribute

    Attribute ::= SEQUENCE {
        attrType OBJECT IDENTIFIER,
        attrValues SET OF AttributeValue }

    ContentType ::= OBJECT IDENTIFIER

    MessageDigest ::= OCTET STRING

    SigningTime ::= Time

    Time ::= CHOICE {
        utcTime UTCTime,
        generalizedTime GeneralizedTime }

    BinarySigningTime ::= BinaryTime

    BinaryTime ::= INTEGER (0..MAX)

The two mandatory attributes are ContentType and MessageDigest. The content type attribute must be the same as the eContentType field of the encapContentInfo. The message digest attribute contains the digest value of the (actual) content.
The SigningTime and BinarySigningTime attributes are optional. Their presence is not considered when validating a signed object.
No other attribute may be present.
For the object identifiers of the attributes, see the oid module.
The signature field of the signed object contains a signature over the DER encoding of the signedAttrs field.
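
The attribute rules and the signature input described above, as an added example that is not code from the rpki crate: it walks a raw signedAttrs field, rejects attributes other than the four allowed ones, and returns the bytes that the signature is computed over. The names `tlv`, `signed_attrs_message` and `sample` and the sample bytes are constructed for illustration. The tag swap follows RFC 5652 section 5.4 and the single-instance rule follows RFC 6488; the sketch assumes DER lengths below 256.

```rust
// Added example (constructed names): allowed attribute OIDs as DER content octets.
const ALLOWED: [&[u8]; 4] = [
    &[0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x03], // content-type (mandatory)
    &[0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x04], // message-digest (mandatory)
    &[0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x05], // signing-time
    &[0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x10, 0x02, 0x2E], // binary-signing-time
];

/// Reads one DER TLV and returns (tag, value, rest); lengths below 256 only.
fn tlv(data: &[u8]) -> Result<(u8, &[u8], &[u8]), &'static str> {
    if data.len() < 2 { return Err("truncated"); }
    let (len, rest) = match data[1] {
        n @ 0..=0x7F => (n as usize, &data[2..]),
        0x81 if data.len() > 2 && data[2] >= 0x80 => (data[2] as usize, &data[3..]),
        _ => return Err("unsupported or non-minimal length"),
    };
    if rest.len() < len { return Err("truncated"); }
    Ok((data[0], &rest[..len], &rest[len..]))
}

/// Enforces the attribute rules and returns the bytes the signature covers.
fn signed_attrs_message(raw: &[u8]) -> Result<Vec<u8>, &'static str> {
    let (tag, mut attrs, rest) = tlv(raw)?;
    if tag != 0xA0 || !rest.is_empty() { return Err("not a [0] IMPLICIT signedAttrs"); }
    let mut seen = [false; 4];
    while !attrs.is_empty() {
        let (tag, attr, rest) = tlv(attrs)?;
        let (oid_tag, oid, _values) = tlv(attr)?;
        if tag != 0x30 || oid_tag != 0x06 { return Err("malformed attribute"); }
        let idx = ALLOWED.iter().position(|k| *k == oid).ok_or("attribute not allowed")?;
        if std::mem::replace(&mut seen[idx], true) { return Err("duplicate attribute"); }
        attrs = rest;
    }
    if !(seen[0] && seen[1]) { return Err("mandatory attribute missing"); }
    // RFC 5652 section 5.4: the signed bytes use the SET OF tag 0x31, not [0] IMPLICIT.
    Ok([&[0x31u8][..], &raw[1..]].concat())
}

/// Constructed sample: content-type = ROA OID, message-digest = 32 placeholder bytes.
fn sample() -> Vec<u8> {
    let roa_set = [0x31, 0x0D, 0x06, 0x0B, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 1, 9, 16, 1, 24];
    let parts: [&[u8]; 7] = [&[0xA0, 0x4D, 0x30, 0x1A, 0x06, 0x09], ALLOWED[0], &roa_set,
        &[0x30, 0x2F, 0x06, 0x09], ALLOWED[1], &[0x31, 0x22, 0x04, 0x20], &[0xAB; 32]];
    parts.concat()
}

fn main() {
    println!("{:02X?}", signed_attrs_message(&sample()).expect("valid signedAttrs"));
}
```

The returned bytes are what a verifier would pass to the signature algorithm together with the public key of the included EE certificate; comparing the message-digest attribute against the digest of eContent is a separate step not shown here.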